Samba AD + OpenSSH LPK Schema

000-README.md

Samba AD + openssh-lpk Schema

Add openssh-lpk Schema [1] to Samba 4 ad dc.

Usage

sed -i -e 's/${DOMAINDN}/DC=your,DC=domain,DC=name/' *.ldif'

ldbmodify -H /var/lib/samba/private/sam.ldb 001-sshPublicKey-attr.ldif --option="dsdb:schema update allowed"=true
ldbmodify -H /var/lib/samba/private/sam.ldb 002-ldapPublicKey-class.ldif --option="dsdb:schema update allowed"=true
ldbmodify -H /var/lib/samba/private/sam.ldb 003-user-class.ldif --option="dsdb:schema update allowed"=true

---

[1] https://openssh-lpk.googlecode.com/files/openssh-lpk_openldap.schema

001-sshPublicKey-attr.ldif

dn: CN=sshPublicKey,CN=Schema,CN=Configuration,${DOMAINDN}
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.24552.500.1.1.1.13
schemaIDGUID:: fHCvUrxcsUSrYRq8nUvw5Q==
cn: sshPublicKey
name: sshPublicKey
lDAPDisplayName: sshPublicKey
description: MANDATORY: OpenSSH Public key
attributeSyntax: 2.5.5.10
oMSyntax: 4
isSingleValued: FALSE

002-ldapPublicKey-class.ldif

dn: CN=ldapPublicKey,CN=Schema,CN=Configuration,${DOMAINDN}
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.4.1.24552.500.1.1.2.0
schemaIDGUID:: yfKd3707f0qnSxgXE9qYeA==
cn: ldapPublicKey
name: ldapPublicKey
description: MANDATORY: OpenSSH LPK objectclass
lDAPDisplayName: ldapPublicKey
subClassOf: top
objectClassCategory: 3
defaultObjectCategory: CN=ldapPublicKey,CN=Schema,CN=Configuration,${DOMAINDN}
mayContain: sshPublicKey

003-user-class.ldif

dn: CN=User,CN=Schema,CN=Configuration,${DOMAINDN}
changetype: modify
add: auxiliaryClass
auxiliaryClass: ldapPublicKey